Content CDN Cloudflare to Stackpath

[robinkwilson]

Cloudflare blocks when videos are streamed through their service. Use Stackpath which is less expensive than default AWS Cloudfront.

https://github.com/mozilla/hubs-cloud/issues/76 https://github.com/mozilla/hubs-cloud/issues/56

┆Issue is synchronized with this Jira Task

[misslivirose]

This impacts all deployments that stream video, who are also using Cloudflare as a CDN. We recommend Cloudflare in the admin panel as part of our recommendations, so it is likely people who are using Hubs Cloud will configure that. Depending on how video-heavy their deployment is, this can cause a completely breaking situation where the entire deployment fails.

Cloudflare flags the traffic (once it is past a certain threshold, we don't know what it is) as breaking their terms of service, so they suspend the account which breaks the entire Hubs Cloud deployment. Getting out of the broken state requires going into the parameter store, which will unblock accessing the rooms, but the content is still not served properly at that point. You need to then restart the instance and can potentially get into the admin panel to remove the Cloudflare configuration, but it is not totally understood if it is possible to restore the stack to its original state.

We need to either:

• Change our recommendation from Cloudflare to Stackpath and pull out the Cloudflare configuration in the admin console and replace it, or
• Remove the CDN altogether, which has the downside of incurring significantly higher streaming costs to the user
• Keep Cloudflare active but include a warning message EVERYWHERE that they should only turn that on if they are NOT planning to stream video. We should tell them what will happen if they stream video (they may be in violation of Cloudflare's TOS) and probably make them acknowledge that it may break their server before they enable it.

[camelgod]

Just sharing some experiences from hubs cloud developer perspective: Cloudflare workers has been really awesome for our previous international (attendees from 60+ countries) events and really made things work smooth. As long as stackpath is equally performant i dont mind, but consider this use case:

During our mission critical events we have opted for a fourth alternative to not reverse proxy any video or livestreams, instead directly allowing cors from whatever hosts we need to use (googlevideo, aws medialive / cloudfront). Could be useful to explore an admin panel whitelisting of hosts to bypass the reverse proxy (and cloudflare) (Also blacklisting stuff like adult video sites etc.). Doing this we also dont make region restricted content from for example youtube available for users who are not supposed to see it.

Would at least be nice to have cloudflare as an option for my use case where I control most video streams coming into the rooms. (unless I am mistaking this thread for something that impacts my setup aswell).

[vjFred]

Hello, i posted on Discord how this Cloudflare Issue affect my entire site and shut down the hubs deployment, all our content on Hubs it is been kidnapped by Cloudflare for a week, and this happen in the middle of an event, with no warnings, in our both paid AWS and Cloudflare workers escenario. So please remove the Couldflare indications on admin.